Personal Data Protection

Personal Data Protection

The website Passages Secrets collects and processes personal data about you when you purchase your travel package, in order to provide you with an experience perfectly adapted to your profile. The personal data collected is strictly necessary for the management of your travel.

The Dealigence SAS  guarantees compliance with the General Data Protection Regulation or GDPR (European Regulation No. 2016/679 of 27 April 2016) which entered into force on 25 May 2018, and undertakes to respect the following principles :

– Ensure transparency, fairness and legality in the processing and use of your personal data.
– Limit the processing of personal data to specific, explicit and legitimate purposes.
– Minimise the collection and storage of personal data with regard to the purpose of the processing operations.
– Guarantee the accuracy of personal data and allow the client to delete or rectify them.
– Limit the period of storage of personal data.
– Technically ensure the security, integrity and confidentiality of personal data.

The Dealigence SAS  informs you below of its personal data policy so that you can be fully informed of the processing carried out. You can therefore communicate your personal data in full knowledge of the facts before concluding your contract.

Types of data processed

The personal data of the clients of the website Passages Secrets are those that make it possible to identify individuals directly or indirectly.

Passages Secrets thus collects the data essential to the organization of the trip such as:

– Identification information: first and last name, date and place of birth, nationality, copy or passportdetails.
– Contact information: postal address, email, telephone number.
– It may happen that the proper execution of your reservation and your stay by  The Dealigence SAS  requires so-called sensitive data, linked to health (food allergies).

The collection concerns the data of all travellers registered on the booking confirmation. The client concluding the contract, and disclosing the personal data of all travellers, is bound by the consent of all the physical persons registered on the same contract.

La Purpose of data processing

Your data is collected at the time of the booking of your travel and is used :

– To book your travel arrangements.
– To the proper execution of the tour or stay.
– To monitor customer relations and optimise our services: sending newsletters, proposing new service offers or similar trips that may be of interest to you.
– To produce statistics.

Personal information provided by customers is processed by The Dealigence SAS exclusively on the basis of the execution of the contract and on their explicit consent given for any commercial prospection.

If you object to the processing of your data, your reservation cannot be validated.

If you refuse your consent, you will not receive any commercial prospection unless you have already contracted with Passages Secrets. In such case, you may receive similar offers.

Data transmission and data access

The Dealigence SAS is responsible for the processing of your data. Your data may therefore be stored, processed and transferred:

– To employees of The Dealigence SAS whose involvement is necessary for the performance of services or the follow-up of customer relations.
– To our partners in order to carry out the tasks essential to the realization of the tour or the stay. These partners may include suppliers of booked services such as guides, hoteliers, restaurateurs, transporters. These suppliers are subject to the General Data Protection Regulation (GDPR) and will treat your data in accordance with their own privacy policy for the sole purpose of performing the tasks necessary for the execution of the tour or stay. We invite you to consult their data policies available on their websites where applicable.
– Technical service providers (IT, web-hosting, email distribution, online payment provider).

These service providers are subject to compliance with the legislation in force. They shall act on instructions from The Dealigence SAS and may not have the data at their disposal for purposes other than those mentioned in Article 3.

Each of the parties responsible for processing the data on behalf of The Dealigence SAS provides sufficient guarantees to meet the requirements of the General Data Protection Regulation (GDPR).

Under no circumstances will personal data be transferred to third parties who do not interfere with the processing of data for the purposes described herein.

The data will not be transferred to service providers established outside the European Union.

Length of data retention

The personal data collected are kept for the length of the contractual relationship and for the time necessary to meet any legal or regulatory obligation.

The Dealigence SAS may keep the data for up to 5 years.

Your rights

You have the right to access, rectify, delete, oppose and transfer your data to The Dealigence SAS, which will reply as soon as possible and at the latest within 30 days. This period may exceptionally be extended by 2 months in the event of specific and justified reasons.

You may also request a limitation on the processing of the data collected and you also have the right to withdraw your consent at any time.

These rights may be exercised at any time by contacting The Dealigence SAS by post at the following address: 1 place Boieldieu 75002 Paris, France or by email info@passagessecrets.com.

It is also recalled that any person may also file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), the supervisory authority competent in France for the protection of personal data, in the event of difficulties.

Data security

The information collected by Passages Secrets is securely stored on the cloud of its OVH web-hosting provider in France.

When making online payments on the Passages Secrets website via your credit card, we guarantee that the payment is secured by Paypal, holder of the PCI DSS certification and authorized to store the customer’s bank details in order to complete the payment. We also guarantee that no bank details will be kept by The Dealigence SAS.

The Website is maintained and regularly updated to comply with any new regulations or legislation.

The Dealigence SAS undertakes to protect personal data by any appropriate technical and operational means in order to prevent any distortion, damage or intrusion by unauthorized third parties.

This protection will be carried out by any person likely to operate processing for the purposes mentioned in Article 3 above.

However, if the security of the data is violated by an accident or an illegal intrusion, The Dealigence SAS will notify the CNIL of the violation (destruction, loss, alteration, unauthorized disclosure) of the data within 72 hours. It will also notify this violation to the data subject if there is a high risk to its data.

What rights do our customers have and how can they exercise them?

Right of access: To obtain information about the processing of personal data and a copy of the personal data.
Right of rectification: If personal data are inaccurate or incomplete, the customer can demand that they be amended accordingly.
Right to erasure: The customer may request the deletion of his personal data to the extent permitted by the regulations.
Right to the limitation of the processing: The customer may request the limitation of the processing of his personal data.
Right to object: The customer may object to the processing of his personal data for reasons related to his particular situation. The customer has the absolute right to object to the processing of his personal data for commercial prospecting purposes, including profiling related to such prospecting.
Right to the portability of personal data: When this right is applicable, the customer has the right to have his or her personal data returned to him or her or, when technically possible, to have it transferred to a third party.
Right to define directives regarding the conservation : erasure or communication of personal data, applicable after death.
Right to withdraw consent: if the customer has given his consent to the processing of his personal data, he has the right to withdraw his consent at any time.

The customer can exercise the rights listed above, by mail addressed to The Dealigence SAS by contacting us on our website Passages Secrets. If the customer has any questions concerning the use of his personal data, he can contact our data protection officer, Isabelle Pioc, by mail at info@passagessecrets.com.